[ C H R O N I C L E ]
Computer security is a crucial challenge. Today, attacks are increasing and target organisations as well as objects and people: theft of the data of 143 million Equifax (credit agency) customers; encryption of computers for massive ransoming of the city of Atlanta in the United States and hospitals in the United Kingdom; attacks on the Ukrainian electricity network; major security flaws in connected pacemakers and insulin pumps... The list is getting longer every day. The entry points for these attacks are usually either human carelessness (phishing), or the exploitation of mini-breaches in our system software. Construction kits for such attacks are traded on the web for a few hundred dollars.
However, a new type of attack, exemplified by Meltdown, Spectre and BranchScope, has been discovered by scientists. These attacks concern the most intimate hardware optimisation mechanisms of modern microprocessors, and exploit the subtle difference between their architecture and their micro-architecture. The first defines the execution of a programme, specifying which part of a user’s memory should remain invisible to any other programme. The second carries out the calculations, using three optimisations to accelerate them: caches, branch prediction and speculative execution. A cache is a small, rapid memory used to make up for the slowness of access to the main memory (RAM), which can take more than one hundred processor cycles. The most recent or most used values are stored in it. Branch prediction analyses tests that decide whether the execution should continue in sequence or jump to another point in the programme. As a test can take a long time to evaluate, execution statistics are used to speculatively start down one of the possible branches, getting ahead if it is the right one and cancelling the speculative calculation if not. Speculative execution uses additional resources to start executing the next instructions before the end of the instruction in progress. If they turn out to be useless, they have to be cancelled.
All these mechanisms seemed safe. But researchers have found hidden channels enabling data to escape through resources not planned by the micro-architects. Using spyware, Meltdown and Spectre force optimisations to fail: speculative execution for Meltdown and branch prediction for Spectre. In the user programme, this causes private data, not usually readable, to be cached, enabling detection by the spyware because cached data can be read far more quickly than if it had remained in the main memory (this is the hidden channel). The spyware can read the user’s whole secret memory, on a shared cloud computing service for example. By causing branch prediction to fail, BranchScope can be used to learn the result of any given test. If, for example, the test is on a bit of a secret cryptography key, the key can be gradually and entirely recovered, even inside the new hardware security mechanisms recently implemented in microprocessors.
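The hidden channel described above can be made concrete with a toy simulation. This is an added example, not part of the original chronicle: it measures no real hardware, and the `ToyCPU` class, its 256 probe lines and the `rollback_cache` option are assumptions invented for the model.

```python
# Toy model of the cache-timing hidden channel; all values are constructed.
HIT_CYCLES, MISS_CYCLES = 1, 100  # RAM access costs ~100 cycles, as in the text

class ToyCPU:
    def __init__(self, secret: bytes):
        self._secret = secret   # memory the architecture hides from other programmes
        self.cache = set()      # micro-architectural state: probe lines now cached
        self.register = None    # architectural state a programme can actually read

    def flush(self):
        self.cache.clear()

    def timed_load(self, line: int) -> int:
        """Load one probe line and return its simulated latency in cycles."""
        cycles = HIT_CYCLES if line in self.cache else MISS_CYCLES
        self.cache.add(line)
        return cycles

    def speculate(self, index: int, rollback_cache: bool = False):
        """Model a speculative read of hidden memory that is then cancelled."""
        snapshot = set(self.cache)
        self.register = self._secret[index]  # transient value, never committed
        self.cache.add(self.register)        # dependent load caches line number = value
        self.register = None                 # cancellation erases the architectural result
        if rollback_cache:                   # hypothetical fix: cache is restored too
            self.cache = snapshot

def recover_byte(cpu: ToyCPU, index: int, rollback_cache: bool = False):
    """Infer one hidden byte purely from which probe line loads fast."""
    cpu.flush()
    cpu.speculate(index, rollback_cache)
    fast = [line for line in range(256) if cpu.timed_load(line) == HIT_CYCLES]
    return fast[0] if len(fast) == 1 else None

def recover_secret(cpu: ToyCPU, length: int) -> bytes:
    return bytes(recover_byte(cpu, i) for i in range(length))

if __name__ == "__main__":
    cpu = ToyCPU(b"key!")  # constructed sample secret
    print("register after cancellation:", cpu.register)
    print("recovered through timing   :", recover_secret(cpu, 4))
    print("with cache rollback        :", recover_byte(cpu, 0, rollback_cache=True))
```

The register never exposes the secret, yet the timing of 256 ordinary loads does; once the cancelled computation also leaves no trace in the cache, every probe line is equally slow and nothing can be inferred.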
These three attacks, whose details are subtle but public and well explained in these articles, can be devastating. All manufacturers have tried to counter them. Meltdown is countered with a known software solution. For Spectre, current corrections are only partial and have caused a few headaches by blocking some systems. I have no information about BranchScope. Luckily, these attacks were discovered by researchers and not by malicious organisations, but we cannot exclude that other, even more subtle vulnerabilities are being studied elsewhere. Changing the micro-architecture of processors to counter them without affecting performance will not be easy, and replacing the billions of processors currently in operation is out of the question. To be continued therefore!
Gérard Berry is a professor at the Collège de France, a member of the French Academy of Sciences and winner of the CNRS gold medal in 2014.